Beyond Internet security to risk management

Menu

Stronger Onlne Bank Security

The AP reports that U.S. federal regulators have sent
a letter to banks
saying they should go beyond passwords to two-factor authentication by the end of 2006.
There are all sorts of possibilities for what the other factor might be, from cell phone acks to a physical gizmo that
emits a code to use.
I’m betting banks will ask what your last payment for x purpose was.

Dan Gllmor reports a bank he used only a few years ago still used social security number as logn name.
He says:

Post navigation

2 thoughts on “Stronger Onlne Bank Security”

Two factor authentication in itself doesn’t cut it. It’s transaction authorization that’s needed: every transaction has to be authorized by two-factor authentication, possibly with one-time passwords (be they pre-shared lists of OTPs or on-the-fly generated ones).
This would make life for phishers so much harder (and it’s actually something that’s implemented all over Europe in a more or less pervasive manner).